[FFmpeg-devel] [PATCH]lavc/bmp: Avoid a heap buffer overwrite for 1bpp

Carl Eugen Hoyos ceffmpeg at gmail.com
Tue Mar 26 22:17:15 EET 2019


2019-03-26 20:51 GMT+01:00, Michael Niedermayer <michael at niedermayer.cc>:
> On Tue, Mar 26, 2019 at 01:38:14PM +0100, Carl Eugen Hoyos wrote:
>> Hi!
>>
>> Attached patch intends to fix a buffer overwrite reported today.
>>
>> Please comment, Carl Eugen
>
>>  bmp.c |    5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>> ab9b89481fc3c93d4a631fb1d6b25dddbdd4bb50
>> 0001-lavc-bmp-Avoid-a-heap-buffer-overwrite-for-1bpp-inpu.patch
>> From bd0dfa740f879eca6b13bb841e3b8d37718460ea Mon Sep 17 00:00:00 2001
>> From: Carl Eugen Hoyos <ceffmpeg at gmail.com>
>> Date: Tue, 26 Mar 2019 13:32:11 +0100
>> Subject: [PATCH] lavc/bmp: Avoid a heap buffer overwrite for 1bpp input.
>>
>> Found by Mingi Cho, Seoyoung Kim, and Taekyoung Kwon
>> of the Information Security Lab, Yonsei University.
>> ---
>>  libavcodec/bmp.c |    5 ++++-
>>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> LGTM

Patch applied.

Thank you, Carl Eugen


More information about the ffmpeg-devel mailing list